Vulnerability Name:

CVE-2001-0170 (CCN-5907)

Assigned:2001-01-10
Published:2001-01-10
Updated:2017-10-10
Summary:glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: Vendor Advisory
20010110 Glibc Local Root Exploit

Source: CCN
Type: BugTraq Mailing List, Wed Jan 10 2001 - 01:06:48 CST
Glibc Local Root Exploit

Source: CCN
Type: BugTraq Mailing List, Wed Jan 10 2001 - 12:31:22 CST
Re: Glibc Local Root Exploit

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries

Source: MITRE
Type: CNA
CVE-2001-0170

Source: CCN
Type: RHSA-2001-001
glibc file read or write access local vulnerability

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2001:001

Source: BID
Type: Patch, Vendor Advisory
2181

Source: CCN
Type: BID-2181
glibc RESOLV_HOST_CONF File Read Access Vulnerability

Source: CCN
Type: Slackware Security Advisory
glibc 2.2 local vulnerability on setuid binaries

Source: XF
Type: UNKNOWN
linux-glibc-read-files(5907)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:graficas:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    immunix immunix 7.0_beta
    conectiva linux 4.0
    conectiva linux 4.0es
    conectiva linux 4.1
    conectiva linux 4.2
    conectiva linux 5.0
    conectiva linux 5.1
    conectiva linux 6.0
    conectiva linux ecommerce
    conectiva linux graficas
    debian debian linux 2.3
    redhat linux 7.0
    redhat linux 7.0
    gnu glibc 2.1.9
    debian debian linux 2.3
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3